Privacy Policy

Resa Health, Inc. (“Resa”) offers psychedelic assisted therapies that are supervised by doctors and personalized to patients.

This Privacy Policy describes how Resa collects, uses, discloses and otherwise processes personal information from patients, healthcare providers, and website visitors in connection with our websites and applications (collectively, “the Services”), and explains the rights and choices available to individuals with respect to their information.

Personal information we collect

Information you provide to us:

• Account information, such as your first and last name, date of birth, email and mailing addresses, phone number, and gender.
• ‍Intake information, such as your treatment goals and treatment preferences.‍
• Health and medical information, such as information about your health conditions and diagnoses, lab results, family medical history, and medications.‍
• Health insurance information, such as carrier and insurance plan information. ‍
• Audio and video feed, when you participate in our video sessions. We may record your audio and video conversations for quality and training purposes, and to advance and optimize our Services.‍
• Professional credentials, such as your medical license information. ‍
• Payment and transaction information needed to complete your purchases (including name, payment card information, billing information), and your transaction history. Payment information is processed by our third-party payment processor Stripe, and we do not have access to payment card numbers. Please see the “Stripe” section below for additional information regarding how Stripe handles your personal information.‍
• Feedback or correspondence, such as information you provide when you contact us with questions, feedback, survey responses, or otherwise correspond with us online.‍
• Usage information, such as information about how you use the Services and interact with us, including information you provide when you use any interactive features of the Services.‍
• Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.

Information we obtain from third parties, such as the medical information we may collect from your referring healthcare provider. With your authorization and after you have created an account with us, we may collect medical information about you from various healthcare providers from which you have received services. This may include information regarding health conditions, diagnoses, testing information, treatments, medical history, medications, and lab results.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:

• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.‍
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

• Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.‍
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.‍
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How we use your personal information

To operate our Services:

• Maintain, secure and improve our Services
• Provide the Services, including collecting and/or making available your health and medical information to you and your healthcare providers
• Provide information about our Services
• Communicate with you about our Services,including by sending you announcements, updates, security alerts, and support and administrative messages, including to keep your account and linked medical record accounts up to date
• Understand your needs and interests, and personalize your experience with our Services and our communications
• Respond to your requests, questions and feedback

For research and development. To analyze and improve the Services and to develop new products and Services, including by studying use of our Services.

For direct marketing. We may from time-to-time send you direct marketing communications via email as permitted by law, including, but not limited to, and notifying you of special promotions and offers. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.

To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

To create anonymous data. To create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services, conduct research, and promote our business.

How we share your personal information

Healthcare providers. With your authorization, we will share your personal information, including your health and medical information, with your healthcare providers.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above. 

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Your choices

Access or update your information. If you have registered for an account with us, you may review and update certain information in your account profile by logging into your account.

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email or by contacting us at hello@resahealth.com. You may continue to receive service-related and other non-marketing emails. 

Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our Services, which we have summarized below:

• Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
  
  Use the following links to learn more about how to control cookies and online tracking through your browser: Firefox; Chrome; Microsoft Edge; Safari‍
• Using privacy plug-ins or browsers. You can block our Services from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlockOrigin, and configuring them to block third party cookies/trackers.

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Stripe

Payments on our Services are handled by Stripe, and the information you provide to Stripe in connection with your payment information and transactions is handled in accordance with Stripe’s Terms of Service and Privacy Policy. Your payment data is stored by Stripe.

For more information, please read Stripe’s Services Agreement here and Privacy Statement here.

Other sites, mobile applications and services

Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition,our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security practices

We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.

Children 

Our Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

International data transfer

We are headquartered in the United States and may use services providers that operate in other countries. Your personal information may therefore be processed in the United States or transferred to other locations where privacy laws may not be as protective as those in your state, province, or country.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our Services.

How to contact us

Please direct any questions or comments about this Policy or privacy practices to hello@resahealth.com. You may also write to us via postal mail at:

Resa Health
228 Park Ave S
Ste 82898
New York, New York 10003